Command-: MP4Box -crypt test.xml $POC -out test.mp4
Version-: MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master
Reproducer file-: Reproducer
GDB-:
```
IsoMedia import id:000034,sig:11,src:000003,op:flip4,pos:8995 - track ID 1 - media type "sdsm:mp4s"
[BS] Attempt to write 128 bits, when max is 32

Program received signal SIGSEGV, Segmentation fault.
[ Legend: Modified register | Code | Heap | Stack | String ]
──────────────────────────────────────── registers ────
$rax   : 0x0
$rbx   : 0x0
$rcx   : 0x0
$rdx   : 0x1
$rsp   : 0x00007fffffff8fc0 → 0x0000000100000000
$rbp   : 0x2153
$rsi   : 0x1
$rdi   : 0x00005555555bff20 → 0x0000000000000000
$rip   : 0x00007ffff7b0e625 → <gf_media_update_bitrate+389> mov DWORD PTR [rax+0x14], ecx
$r8    : 0x2
$r9    : 0x1
$r10   : 0x0
$r11   : 0x00005555555c37c0 → 0x0000000000000001
$r12   : 0x2153
$r13   : 0x00005555555bff20 → 0x0000000000000000
$r14   : 0x1
$r15   : 0x00005555555c4460 → 0x0000000000010003
$eflags: [zero carry PARITY adjust sign trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x0033 $ss: 0x002b $ds: 0x0000 $es: 0x0000 $fs: 0x0000 $gs: 0x0000
──────────────────────────────────────── stack ────
0x00007fffffff8fc0│+0x0000: 0x0000000100000000 ← $rsp
0x00007fffffff8fc8│+0x0008: 0x0000000000000000
0x00007fffffff8fd0│+0x0010: 0x0000000000002153 ("S!"?)
0x00007fffffff8fd8│+0x0018: 0x00000000000003e8
0x00007fffffff8fe0│+0x0020: 0x00007fffffff9000 → 0x0000000000000000
0x00007fffffff8fe8│+0x0028: 0x00005555555c4460 → 0x0000000000010003
0x00007fffffff8ff0│+0x0030: 0x0000000000000000
0x00007fffffff8ff8│+0x0038: 0x0000000000000000
──────────────────────────────────────── code:x86:64 ────
   0x7ffff7b0e618 <gf_media_update_bitrate+376> sbb BYTE PTR [r9+r9*4-0x11], r9b
   0x7ffff7b0e61d <gf_media_update_bitrate+381> mov edx, 0x1
   0x7ffff7b0e622 <gf_media_update_bitrate+386> mov esi, r14d
 → 0x7ffff7b0e625 <gf_media_update_bitrate+389> mov DWORD PTR [rax+0x14], ecx
   0x7ffff7b0e628 <gf_media_update_bitrate+392> mov rax, QWORD PTR [r15+0x18]
   0x7ffff7b0e62c <gf_media_update_bitrate+396> mov rcx, r15
   0x7ffff7b0e62f <gf_media_update_bitrate+399> mov DWORD PTR [rax+0x10], ebx
   0x7ffff7b0e632 <gf_media_update_bitrate+402> mov rax, QWORD PTR [r15+0x18]
   0x7ffff7b0e636 <gf_media_update_bitrate+406> mov DWORD PTR [rax+0xc], ebp
──────────────────────────────────────── threads ────
[#0] Id 1, Name: "MP4Box", stopped, reason: SIGSEGV
──────────────────────────────────────── trace ────
[#0] 0x7ffff7b0e625 → gf_media_update_bitrate()
[#1] 0x7ffff7b13cd6 → gf_import_isomedia()
[#2] 0x7ffff7b211d5 → gf_media_import()
[#3] 0x55555556df0a → mp4boxMain()
[#4] 0x7ffff74b5b97 → __libc_start_main(main=0x5555555631e0 <main>, argc=0x6, argv=0x7fffffffdfe8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdfd8)
[#5] 0x55555556321a → _start()
────────────────────────────────────────
0x00007ffff7b0e625 in gf_media_update_bitrate () from /usr/local/lib/libgpac.so.8
gef➤ bt
#0 0x00007ffff79d18fd in gf_isom_get_track_id () from /usr/local/lib/libgpac.so.8
#1 0x00007ffff7b45ef1 in gf_crypt_file () from /usr/local/lib/libgpac.so.8
#2 0x0000555555577575 in mp4boxMain (argc=0x6, argv=0x7fffffffdfb8) at main.c:5474
#3 0x00005555555796a3 in main (argc=0x6, argv=0x7fffffffdfb8) at main.c:5985
gef➤ i r
rax    0x0             0x0
rbx    0x0             0x0
rcx    0x20            0x20
rdx    0x0             0x0
rsi    0x0             0x0
rdi    0x5555555d0650  0x5555555d0650
rbp    0x7ffffffbd660  0x7ffffffbd660
rsp    0x7ffffffbd640  0x7ffffffbd640
r8     0x0             0x0
r9     0x0             0x0
r10    0x19            0x19
r11    0x7ffff79d18b5  0x7ffff79d18b5
r12    0x555555562470  0x555555562470
r13    0x7fffffffdfb0  0x7fffffffdfb0
r14    0x0             0x0
r15    0x0             0x0
rip    0x7ffff79d18fd  0x7ffff79d18fd <gf_isom_get_track_id+72>
eflags 0x10202         [ IF RF ]
cs     0x33            0x33
ss     0x2b            0x2b
ds     0x0             0x0
es     0x0             0x0
fs     0x0             0x0
gs     0x0             0x0
gef➤ exploitable
Description: Access violation near NULL on source operand
Short description: SourceAvNearNull (16/22)
Hash: a5cc92255fba44e928c1a0bb49438db1.a5cc92255fba44e928c1a0bb49438db1
Exploitability Classification: PROBABLY_NOT_EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching the source operand of the current instruction. This likely indicates a read access violation, which may mean the application crashed on a simple NULL dereference to data structure that has no immediate effect on control of the processor.
Other tags: AccessViolation (21/22)
```
fixed potential crash - cf #1406
8e585e6
fixed, thanks for the report